Slashdot Mirror
Proposal To Limit ISP Contact Data Draws Fire
An anonymous reader writes "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software, according to a story at Krebsonsecurity.com. From the piece: 'The American Registry for Internet Numbers (ARIN) — one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses — later this month will consider a proposal to ease rules that require ISPs to publish address and phone number information for their business customers. Proponents of the plan couch it in terms of property rights and privacy, but critics say it will only lead to litigation and confusion, while aiding spammers and other shady actors who obtain blocks of addresses by posing as legitimate businesses.'"
Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards. Besides, not everyone is in the US.
Privacy is less important here than the potential for menace and the ability of people to kvetch directly at troublemakers.
For every problem, there is at least one solution that is simple, neat, and wrong.
If GB is passing laws to cut off file sharers, who do so for personal use only, why can't they move quickly to impede spam?
... oh right. Spam is enterprise, brings in money. Piracy takes it away. Never mind that everyone loves piracy and hates spam ...
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
I know that for my company, I'd get a lot less spam if they couldn't trawl my email address out of the registry. Fortunately, a quick filter set up gets rid of most of it.
Unfortunately, there are several problems with this:
1) "We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)"
result: Cop says "Not breaking the law, not my problem, go away."
So you have to make spamming truly against the law.
Result: Cop says "Yea, I'll get right on that, after I go after a bunch of more interesting (read: higher fines) crimes." Considering how little the cops enforce crimes that are threats to life and limb like tailgating, I don't think there would be much interest.
2) Jurisdiction: result: cop says "Nice, but not in my district, so not my problem. Go away." Cop in area where ISP is says "You willing to show up here to make a complaint? No? Not my problem. Go away."
3) Assuming you make the cops care - they go to ISP "Give us the info. We have a warrant." ISP says "here's the address of the shell corporation in East Elbonia." Cop says "Not my jurisdiction. Not my problem. There a good donut shop around here?"
The latter is what happens anyway - I used to try to go after the hundreds of IPs a day that try to infect my PC. ISPs don't care, and won't care unless you can change the law, and if you try to change the law, the ISPs will outspend you.
www.eFax.com are spammers
You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?
You have an address on the door to your place that's publicly viewable. What's the problem with that?
You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
You want to host something on the net? Fine - be prepared to post valid contact info. Otherwise, make arrangements for someone else to host it, or host it off the net.
In these cases, access is limited (by line-of-sight), or the information does not provide back-tracability. That no longer happens when posted online.
Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?
Write your representatives! Repeal the 2nd Law of Thermodynamics!
Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards.
Isn't that the RIAA thought as well?
STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.
It is a miracle that curiosity survives formal education. - Einstein
Ever think that it's the way you treat them online that convinces them to let out their inner demons?
Getting rid of "private" domains won't do a damn thing except INCREASE the amount of spam that domain holders get. Spammers don't hide behind private domains, they hide behind huge botnets!
I used to not hide my whois information. In fact, I was proud to display my contact information in my whois entry when owning my own domain was a novel thing. Then the spam started on the contact accounts. Annoying, but I could handle it. Soon after, I started getting phone calls from people who barely spoke English claiming to be from my "hosting company" or from NetSol and they need access to my host right away or there was a "billing problem" and they need my credit card information to resolve it.
I set my domain information private right after that and never looked back.
No thank you. I use private domains to HIDE from spammers and scammers.
The